Scoop has an Ethical Paywall
Licence needed for work use Learn More

Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

Cybersecurity A Major Vulnerability In The Not For Profit Sector

Grant Thornton New Zealand’s latest Not for Profit report reveals some alarming statistics about cybersecurity practices in the sector.

As phishing attempts and ransomware attacks show no signs of abating in all sectors of the economy, Grant Thornton’s research into the Not for Profit sector has revealed charities are particularly vulnerable:

  • Only 43% of NFPs invested in cyber security in the last two years to 2022
  • Just 27% plan to invest in cyber security over the next two to three years
  • 37% of NFPs do not have effective procedures to detect and report data breaches

Barry Baker, Partner and Co-Lead of Not for Profit services at Grant Thornton New Zealand says, “NFPs face unique challenges that make it harder for them to invest in cyber security. Naturally, they are always trying to minimise spending, as there’s a lot of pressure to spend as much as possible on frontline assistance to those in need, and as little as possible on the behind-the-scenes processes that deliver that assistance.

“This often means eking an extra year or so out of technology. NFPs are still using laptops that should be replaced, relying on outdated software, and legacy platforms – creating greater vulnerability to cyberattacks.

“Cyber security can also seem like a non-priority. When there hasn’t yet been a data breach or hack, that can give NFPs a dangerous false sense of security.”

The potential risks cannot be overstated

Baker says it’s not a matter of if an organisation will be hacked, it’s a matter of how bad it will be.

Advertisement - scroll to continue reading

“For a charity, this could result in a complete halt on operations, snarling up frontline services and potentially demanding a ransom to restore systems.

“Worryingly, that ‘smash and grab’ approach by bad actors is being superseded by a more insidious attack: the actors can get into your systems, look around undetected, and steal any of your data, including donors’ and/or members’ personal data.

“Then there’s the reputational fallout. Donors who see your name connected with a data breach can easily switch their contributions to another organisation”, says Baker.

How NFPs can start improving cyber security

Baker says, “The vital first step to improving cybersecurity is to start taking the risks seriously. Cyber risk is often buried in the risk register, but it should be given the same attention as health and safety.

“And, if a charity stores private data from donors or processes donor transactions, it needs to comply with certain PCI DSS standards. It may be well worth investing in a third-party payment gateway to take over processing credit cards, which reduces the data you’re keeping and the level of compliance required of the organisation.

“It’s also important to understand that tech problems aren’t really about technology – they’re about people. This means thinking about not only systems, but upskilling everyone who works in the organisation, including the board, and encouraging teams and suppliers to work together harmoniously. Only with cooperation and education can your organisation protect itself from the ongoing risks of cyberattacks.”

Read Barry Baker’s full article here.

Access Grant Thornton New Zealand’s Not for Profit report, Here for good? here.

Notes to editors

About the Grant Thornton New Zealand Not for Profit sector report

Here for good? Is Grant Thornton’s latest Not for Profit sector report – an industry study that has been conducted since 2003. The research covers legislative changes, strategy, governance, risk management, technology, human resources, funding sources and financial stability.

The survey was developed by Grant Thornton New Zealand’s team of Not for Profit specialists. The number of completed surveys received was 174. Most participants are either incorporated societies or charitable trusts across all reporting tiers.

About Grant Thornton International Ltd*

Grant Thornton is one of the world's leading organisations of independent assurance, tax and advisory firms. These firms help dynamic organisations unlock their potential for growth by providing meaningful, actionable advice through a broad range of services. Proactive teams, led by approachable partners in these firms, use insights, experience and instinct to solve complex issues for privately owned, publicly listed and public sector clients. Over 62,000 Grant Thornton people, in more than 130 countries, are focused on making a difference to clients, colleagues and the communities in which we live and work.

Grant Thornton International is a non-practicing, international umbrella entity organised as a private company limited by guarantee incorporated in England and Wales.

References to "Grant Thornton" are to the brand under which the Grant Thornton member firms operate and refer to one or more member firms, as the context requires. Grant Thornton International and the member firms are not a worldwide partnership. Services are delivered independently by member firms, which are not responsible for the services or activities of one another. Grant Thornton International does not provide services to clients.

*All references to Grant Thornton International in the press release and this “Notes to editor” section are to Grant Thornton International Ltd. Grant Thornton International Ltd is a non-practicing, international umbrella entity organized as a private company limited by guarantee incorporated in England and Wales.

© Scoop Media

Advertisement - scroll to continue reading
 
 
 
Business Headlines | Sci-Tech Headlines

 
 
 
 
 
 
 
 
 
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.